Request trial
Request Trial

NXLog Docs

Windows Event ID

What is a Windows Event ID?

Description

Windows Event ID is a unique event identifier associated with each event in Windows Event Log. The Event ID determines the reason for every event logged. Event IDs are unique per source but are not globally unique; therefore, different sources may use the same event ID to identify unrelated operations.

Event IDs are the sliced bread of logging. Microsoft did a great job with the framework it created for Windows Event Log, even if it only gives a partial overview of what is happening on a particular system. You can view the logs in Windows Event Log and their associated Event IDs in the Event Viewer MMC snap-in included in Windows.

In the world of NXLog

As most corporate networks run on Windows (well, at least the less secure parts where the users are) and a Windows Domain Controller serves their directory services, Event IDs are essential to logging from these systems. Setting up your log collection based on Windows Event IDs is an obvious strategy, as plenty of resources provide a wealth of knowledge about them on the internet. And it is even easier if you have the right log collection tool to do it.

NXLog can directly collect logs from the native API of the Windows Event Log framework, meaning that it does not need any intermediate software or does not need to write down the logs with one technology and re-read them with another. What NXLog uses is the most efficient way of doing it. And on top of that, NXLog can be configured to collect logs from Windows Event Log based on their Event IDs; you only need to configure which Event IDs you want to collect from which event channel.

Known as

Windows Event ID, event id, eventid

Related

Security logging on Windows - beyond 4625
Top 5 Windows Security logs everyone should collect
Windows Event Log collection in a nutshell
Event IDs to monitor
Event Log for Windows 2008/Vista/later (im_msvistalog)

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS